Clipper isn't the only encryption chip available. VLSI
Technology makes chips so secure that you can't read the key by
slicing them open for microscopic examination, and Mykotronyx
encryption for government satellite control would require $Bs to
break. Other companies in this arena are Lattice Semiconductor,
Advanced Micro Devices, and Xidex. Michael Gianturco suggest
investing in them, as commercial services on the Infobahn will
all require encryption. [Forbes, 4/25/94.]

FTP daemon software prior to V2.3 may contain a Trojan horse.
The Computer Emergency Response Team Command Center recommends
immediate replacement from /networking/ftp/wuarchive-ftpd on
ftp.uu.net. [Chronicle of Higher Education, 4/13/94. EDUPAGE.]
(Downloads from wuarchive may be the only copies infected.)

Wilson Hsieh is circulating a warning that WWW URLs can use
telnet commands to delete files or execute arbitrary programs
on your Unix host. Watch for URLs at the bottom of your Mosaic
screen that contain semicolons followed by Unix commands.
You can prevent such links from executing by putting a
"Mosaic*xtermCommand: ;" command in your .Xresources or
.Xdefaults file. [cetus news. wchsieh@denhaag.lcs.mit.edu,
4/5/94. Rich Lethin.]

David LaMacchia, an MIT CS major, has been indicted on one
felony count of conspiring to commit wire fraud. His [alleged]
semi-private CYNOSURE I & II bboard -- different from the Cynosure
Online BBS -- was used for uploading and downloading over $1M in
copyrighted commercial software. More than 180 users were logging
in per day, many via an anonymous server in Finland. A 1992 law
makes it a felony to make 10 copies of copyrighted software or
to copy and distribute programs worth $2,500 in total. Federal
prosecutors intend to make this the first of many prosecutions.
[SJM, 4/8 and 4/9/94.] For more on this, see the Computer
underground Digest, cudigest from listserv@vmd.cso.uiuc.edu.
LaMacchia's defense, according to his lawyer, is that he did
no copying himself and is no more liable than is AT&T for the
conversations on their wires. The indictment claims that
LaMacchia knew what was going on and actively solicited commercial
applications by name. The sysop tried to conceal his use of
Project Athena equipment, warning users not to alert security.
Another student noticed unusual disk activity, and MIT tipped
the FBI about unauthorized use of the equipment. University
disciplinary action has been postponed pending criminal
prosecution. Even if found innocent of criminal charges,
LaMacchia might face lawsuits by software companies.
[Josh Hartmann, THE TECH (archive@the-tech.mit.edu), 4/8/94.
cudigest@mindvox.phantom.com and Jason N. Gull
(jgull@world.std.com), CuD, 4/10/94. comp.society.cu-digest.]
(AT&T is regulated as a common carrier; LaMacchia is not.
It's a legal status with statutory obligations, not just a way
of doing business. This case could set a precedent, as when
CompuServe was judged to be more like a bookstore than a
publisher -- but I wouldn't bet on LaMacchia.)